Samsung Wave ships with malware-infected memory card
June 5, 2010 by admin
Filed under Security News
Take care if you’ve recently bought a Samsung S8500 Wave smartphone – it could have come pre-installed with malware on its memory card.
According to reports, the 1GB microSD card that ships with the sexy bada touch-screen smartphone carries an unwelcome surprise – a piece of malware that can automatically run if you plug the card into your Windows computer.
The tell-tale sign of infection is the existence of the aUtoRuN.iNF and slmsrv.exe files on the microSD card. If you haven’t configured your Windows computer to ignore the autorun command, then when you plug the card into your PC the malicious slmsrv.exe file will be executed.
Removal tool for W32/VBSAuto-C, VBS/Slogod.X (Startup.scr, winxp.exe, winjpg.jpg, M.p.jpg) WORM
March 21, 2010 by admin
Filed under Removal Tips,Tools and Videos
Removal tool for Generic.Malware.SL!!M.807DC390 (mso.exe, usbflash.com) Keylogger
January 31, 2010 by admin
Filed under Removal Tips,Tools and Videos
Submitted By Google Pnookle
- Sets the drive to autoplay by creating autorun.inf file in its root directory.
- Creates a startup registry entry.
How to Remove All Types of Magania (W32_Gammima,Trojan-GameThief,Taterf,Win32.Inhoo) Trojan
October 13, 2009 by admin
Filed under Removal Tips,Tools and Videos
- Magania trojan Sets the drive to autoplay by creating autorun.inf file in its root directory. If the drive is shared across the network then other remote computers can be infected any time they try to access this share.
- Downloads/requests other files from Internet.
- Creates a startup registry entry.
Autorun no more
September 24, 2009 by admin
Filed under Protection Tools
A little while ago, Microsoft released an update which partially disables some autorun functionality on Windows operating systems prior to Windows 7. The update, known as KB971029, is intended for Windows XP, Vista, Server 2003, and Server 2008. The autorun function is used to automatically start installation processes from CDs, DVDs, and USB drives, as well as other types of removable media.
Autorun works by using a file named autorun.inf found in the root of the file system for removable drives. While this is a helpful process when used with a trusted resource, such as a software installer from a CD, it has long been a successful malware infection vector on rewritable drives.
At Kaspersky, we’ve frequently urged Microsoft to disable this process, as anything that automatically installs software or code without properly informing the user can and will be used maliciously. In the past we’ve discovered infected consumer devices, and the autorun function has been used to spread incredibly successful threats as Conficker (Kido). This listing gives you a partial idea of just how often “autorun” gets used as an infection vector.
Early versions of Windows, including Windows XP Service Pack 1 and earlier, would automatically launch software on a rewritable drive with no notification. XP Service Pack 2 and later would automatically launch a window when the drive was inserted, and you could then choose to run an executable. In fact, you could check a box at the bottom to “Always do the selected action”. Malware creators often create an autorun.inf file on removable media when a malicious program launches, and this extends the attack vectors beyond network propagation. A shared USB drive becomes a threat to a network that may not even have Internet access.
With Windows XP Service Pack 2, and in Vista and Server 2008, a new feature called Autoplay was introduced. The Autoplay function pops up a window when an autorun.inf file is detected and requests action from the user. The options are to install a program, which launches the intended executable, or to open the folder to view files. While this approach is better than automatically running an executable without user knowledge, it’s not exactly safe. Most casual computer users are conditioned to keep clicking until the file opens, so this just adds a step on the road to infection. The update mentioned above disables the autoplay function on writable media like USB drives, while leaving the autoplay function intact for CDs and DVDs.
Windows 7 disables the function altogether on writable external drives by default. This is a much safer approach; although it makes it more difficult for the average person to find out what to do next when trying to install something new, there’s always a trade-off between security and usability. While we commend Microsoft for finally implementing this fix, it took far too long. Countless infections could have been avoided, and Conficker might have spread less widely if this simple fix had been pushed out earlier.
Source: viruslist.com
New Sality Virus In Sight ( Virus.Win32.Sality.aa Win32/Sality.AM W32/Sality.ah )
April 22, 2009 by admin
Filed under Security News
Symantec
W32.Sality.AM
Risk Level 2: Low
How To Remove Conficker Worm And Protect Yourself Step By Step With VirusExperts.org Removal Package
April 21, 2009 by admin
Filed under Protection Tools, Removal Tips,Tools and Videos
There is a lot of tools that can remove Conficker worm but when conficker changed to more than one version A,B,C and E, some of tools not effected so we collected the best tools to remove and protect from conficker worm.
How To Disable Disable Autoplay of USB Drives ( USB AutoRun )
April 20, 2009 by admin
Filed under Protection Tools
To Disable USB Autorun, go to Start Menu > Run and type in :
gpedit.msc
You will see the Group Policy window. You should select Administrative Templates \ System in the tree view:
